Microsoft Graph API Permissions required by DatabeatOMNI - Business Enterprise Application

This knowledge article explains which delegated and/or application permissions the DatabeatOMNI - Business Enterprise Application will need to function based on your setup and selected features when using the Microsoft 365 Integration in DatabeatOMNI

In this knowledge article, we have added permissions pr. feature category. You can read more about the different permissions directly from Microsoft Learn Center or on Databeat articles about each specific feature; check out the DatabeatOMNI Microsoft 365 Integration overview.

Note that all application permissions are in italics and have the (application) tag behind Also note that some of the permissions may have already been granted before as they may be required in basic features like the Sign In feature. I.E. delegated "Sign in and read user profile" and delegated "Maintain access to data you have given it access to" are required by multiple features.

The integration is managed in DatabeatOMNI Microsoft 365 Permissions Panel displayed here:Microsoft 365 Permissions Panel

Sign in with Microsoft 365 User

  • Maintain access to data you have given it access to
  • Sign in and read user profile
  • Read all users' basic profiles

User and Roles: Manual or Automatic user registration

  • No additional permission required

Users and Roles: User Role Management with Microsoft 365 Groups

  • Read all users' full profiles
  • Read all groups
  • Read group memberships
  • Maintain access to data you have given it access to

Calendar: Read Only

  • Read all company places (Application)
  • Read all users' full profiles (Application)
  • Read calendars in all mailboxes (Application)
  • Sign in and read user profile (Application and Delegated)
  • Read and write organization places
  • Read and write all users' full profiles
  • Have full access to user calendars
  • Maintain access to data you have given it access to

Setting up the Calendar integration to Read Only will register a separate Enterprise Application called DatabeatOMNI - Business - ReadOnly. Hence you might have two apps registered in your Azure Enterprise Applications.

Calendar: Read and Write

  • Read all company places (Application)
  • Read all users' full profiles (Application)

  • Read and write calendars in all mailboxes (Application)

  • Sign in and read user profile (Application and Delegated)

  • Read and write organization places

  • Read and write all users' full profiles

  • Have full access to user calendars

  • Maintain access to data you have given it access to

Power BI

  • View all dashboards
  • View all datasets
  • View all reports
  • View all workspaces
  • Sign in and read user profile
  • Maintain access to data you  have given it access to

Teams and SharePoint

  • Sign in and read user profile
  • Read the names and descriptions of teams
  • Create, edit, and delete items and lists in all site collections
  • Maintain access to data you have given it access to

Admin

  • Read and write all users' full profiles
  • Read all groups
  • Read and write group memberships
  • Read and write organization places
  • Have full access to user calendars
  • Sign in and read user profile
  • Maintain access to data you have given it access to

Allow Calendar preview

  • No further permissions are necessary as it is contingent on Calendar and Admin.